With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. In affected versions and for a repository with the () enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. A security feature bypass issue in WhatsApp Desktop versions prior to v could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process. Check-spelling is a GitHub Action which provides CI spell checking. MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext.